MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, computer criminology and information security in general, always from a perspective closely related to the field of intelligence.

19.2.09

The question in the title would seem to be the one Waledac is asking us: through love-themed images and various social engineering strategies, this malware is continuing its bombardment of fake cards to try to infect our computers.

With a slight expansion of its image set, this malware, which many consider the evolution of Nuwar, presents new images:

Although changing the images is little more than a curious detail, one that shows how its creators use psychological action, or rather deception strategies, to manipulate users' decisions, the matter is not so trivial: despite the noise Waledac has been causing in the community, its detection rate remains poor, with fewer than 50% of antivirus products detecting it.

However, Waledac's actions go a little beyond what we have been seeing so far: it combines its method of attack with drive-by download. That is, the HTML code contains an embedded iframe tag pointing to:

http://chatloveonline .com/tds/Sah7

After several levels of redirection, this tag leads to an online gaming site, which again tries to trick users into downloading a binary called AllSlots.exe (MD5: 90ee59131ea66f1b050916da56400dee), which is neither more nor less than another piece of malicious code.

Waledac intelligently combines its battery of malicious instructions through various methods of deception, all of which, one way or another, are intended to infect. While the malware's detection rate is currently low, it is always advisable to run a scan to prevent potential infections or, more directly, not to download files from untrusted sites or links.
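The iframe redirect and the AllSlots.exe hash described above can be turned into a simple defensive check. The following is an added example, not code from the original post: it audits a saved HTML page for iframes that point at the domain named above or at any other third-party host, and compares a file's MD5 with the one given above. The page host `cards.example`, the sample markup and all function names are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

def refang(text):
    return text.replace("[.]", ".")

# Indicators taken from the post; the domain is stored defanged.
BLOCKED_HOSTS = {refang("chatloveonline[.]com")}
BAD_MD5 = {"90ee59131ea66f1b050916da56400dee"}  # AllSlots.exe

class IframeAudit(HTMLParser):
    """Collect iframe sources that leave the page's own host."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []  # list of (verdict, src)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        src = dict(attrs).get("src") or ""
        host = (urlparse(src).hostname or "").lower()  # empty for relative URLs
        if host in BLOCKED_HOSTS or any(host.endswith("." + b) for b in BLOCKED_HOSTS):
            self.findings.append(("blocked", src))
        elif host and host != self.page_host:
            self.findings.append(("third-party", src))

def audit_html(html, page_host):
    """Return (verdict, src) for every iframe that is not same-host."""
    parser = IframeAudit(page_host)
    parser.feed(html)
    return parser.findings

def is_known_bad(data):
    """True if the bytes hash to the MD5 published in the post."""
    return hashlib.md5(data).hexdigest() in BAD_MD5

# Constructed sample page (hypothetical host cards.example), not captured traffic.
SAMPLE = refang("""<html><body><img src="/heart.jpg">
<iframe src="http://chatloveonline[.]com/tds/Sah7"></iframe>
<iframe src="http://widgets.example.net/ad"></iframe>
<iframe src="/local/frame.html"></iframe></body></html>""")

if __name__ == "__main__":
    for verdict, src in audit_html(SAMPLE, "cards.example"):
        print(verdict, src)
```

A "third-party" verdict is only a prompt for review, since legitimate pages also embed external frames; the "blocked" verdict and the hash match are the ones tied to the indicators in this post.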